In embodiments of field value search drill down, a search system exposes a search interface that displays one or more events returned as a search result set. A field-value pair can be emphasized in the field-value pairs of an event displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized field-value pair of the event. The menu includes the search options to add search criteria of the emphasized field-value pair to a search command in a search bar of the search interface, exclude the search criteria of the emphasized field-value pair from a search, or create a new data search based on the emphasized field-value pair. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, wherein the set of events are a results set of performing an initial search command displayed in the search interface, and the display of the search command updates the initial search command displayed in the search interface.
3. The method as of claim 1, wherein the operating is performed in response to the first selection and is on at least a portion of the segment.
4. The method of claim 1, wherein the selectable search options are displayed within a menu that is proximate the selected segment within the search interface.
5. The method of claim 1, wherein the selectable search options include an add to search option, an exclude from search option, or a new search option.
6. The method of claim 1, wherein the selectable search options include an add to search option that is selectable to automatically add text defining search criteria to the search command.
7. The method of claim 1, wherein the selectable search options include an exclude from search option that is selectable to automatically add text defining search criteria to the search command.
8. The method of claim 1, wherein the selectable search options include a new search option that is selectable to automatically create a new data search based on the selected segment.
9. The method of claim 1, wherein the display of the selectable search options further includes an indication of a number of events of the set of events that include the selected segment.
10. The method of claim 1, wherein the display of the selectable search options further includes an indication of a number of events of the set of events that exclude the selected segment.
11. The method of claim 1, wherein, in response to the second input, the search command is modified to require at least a portion of the selected segment.
14. The method of claim 1, wherein the selectable search options are further displayed with selectable interface links each associated with a particular search option of the selectable search options, and wherein a selectable interface link, when activated, initiates a new search interface.
16. The method of claim 1, wherein the set of events are returned as a search result, the set of events being identified from collected data that comprises at least one of raw data, machine data, performance data, log data, diagnostic information, transformed data, or mashup data combined from multiple sources.
17. The method of claim 1, wherein the set of events are returned as a search result performed using a late-binding schema on data collected from one or more sources, and wherein the event comprises a portion of raw data that is associated with a timestamp indicating a respective point in time associated with the event.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
September 26, 2022
January 9, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.